Tech Tip: Email Security Upgrade

In March of 2020, Cadient Talent announced the addition of SPF and DKIM (Domain Key Identified Mail) authentication to all messages originating from the CTA system. Completing two small tasks will improve email security and reputation and reduce the chances of applicant communications landing in spam folders.

These tools were created to counteract spammers, phishers, fraudsters and other types of email abuse, making sure that fraudulent emails impersonating sensitive services don't make it into the recipient’s inbox. As cybercriminals become bolder and more sophisticated, these anti-spam measures are increasingly important.

While some clients have complied with one or the other types of security authentication, we will require all clients to support both. 

Please complete the following two tasks by January 21, 2022, to update your DNS records.

1. Verify the SPF record includes the latest version of the Cadient Talent servers.
2. Add an alias or CNAME record to your DNS to enroll in the DKIM mechanism.

With the addition of SPF and DKIM to our email technology suite, we can now pass the strictest anti-spam policies, such as DMARC, required by our clients and their applicants. 

Please review the information below or contact your Cadient Talent representative for additional technical information.

WHAT IS DKIM?

DKIM, which stands for Domain Keys Identified Mail, is an email authentication method designed to detect forged header fields and content in emails. DKIM lets the receiver check if email headers and content have been altered in transit.

WHY USE DKIM?

DKIM enables the receiving email server to validate if the email headers or content have been altered in transit. If so, the DKIM check will return the “fail” result, indicating the message’s integrity has been compromised.

On the DMARC level, you can specify a p=reject policy to reject messages that have failed DKIM authentication (and SPF authentication). This way, you can prevent malicious emails from reaching your recipients’ inboxes.

WHAT IS SPF?

SPF or Sender Policy Framework is an email authentication protocol designed to verify the identity of the sending email server and its authorization to send emails for a specific domain.

ARE SPF AND DKIM BOTH REQUIRED?

Yes, Cadient requires both. Combining the two settings verifies the email sender’s identity and that the message was kept in the form initially intended. The required changes will maximize email deliverability and ensure that emails land in the correct Inbox (versus being filtered out through SPAM detection automation or block listed).

WHAT WORK IS REQUIRED BY CLIENTS?

Two tasks are required to update DNS records. First, verify the SPF record includes the latest version of the Cadient Talent servers. Second, add an alias or CNAME record to your DNS to enroll in the DKIM mechanism.